Improve Network Security with Open Source Monowall - Page 2

Installing the Monowall Open Source Firewall

In this article we'll run Monowall on a PC via CD-ROM because this is the easiest way for most folks to get acquainted with it. (Refer to the appropriate Quickstart guide for help with USB, Compact Flash or hard drive installation.)

Download the correct Monowall image (currently this is cdrom-1.33.iso), and burn it to CD. Plug in your USB stick (don't forget this, or it won't save your settings, and then nothing will work), and then boot your test computer to the CD. Bootup should take no more than a minute, and then you'll see the Monowall console setup. This has seven options:

1. Interfaces: assign network ports
2. Set up LAN IP address
3. Reset webGUI password
4. Reset to factory defaults
5. Reboot system
6. Ping host
7. Install on Hard Drive

Type the number 1 and press Enter to assign network ports. If you are used to Linux and Windows Ethernet names, like eth0 and eth1, Monowall's are going to look odd. On my test system I have ed0 and em1. On yours they might be bge, ti, txp, dc, sis, or something else. Monowall displays the port names right in front of you on your screen, so you don't have to guess.

First type N to bypass configuring a VLAN (virtual LAN). Then configure your LAN and WAN interfaces, press Enter to bypass Opt configuration, and then Monowall will reboot.

When Monowall comes back up, select 2 and press Enter to set up the LAN IP address. The default is 192.168.1.1. Go ahead and type this in and press Enter.

Monowall will then ask whether you want to enable the DHCP server, and yes, you do. When it asks for the "subnet bit count", type 24; when it then asks if you want to enable the DHCP server, say yes.

Next, the software will ask you for an IP address range; if you like you can do what I did and use 192.168.1.25 - 192.168.1.35. This means it will assign IP addresses and network configurations to up to ten client computers. (At this stage it's not all that important to get these settings perfect, because they are easy to change later in the nice webGUI.) After this it will display a confirmation of Monowall's IP address and webGUI URL.

Now turn your attention to the second PC, your test LAN client. It should be configured to get its network configuration from DHCP. If it is already running, reboot it. When it comes back up, open a terminal and ping Monowall's LAN IP address. When this succeeds, look up the address assigned to the LAN client and ping it from Monowall (option 6).

When you can ping both ways, your network is correctly configured. Now it's time to enter the Monowall webGUI. Type http://192.168.1.1 into the URL bar of a Web browser on your LAN client. You will be asked for a username and password, which are admin and mono. Then you should see something like what you see in Figure 2.

Your first task in the webGUI is to go to the System > General Setup tab and change the username and password to something the whole world does not know. Then on the "webGUI protocol and port" line change HTTP to HTTPS; this is an essential security step that encrypts your Monowall traffic on your LAN anytime you log in and fuss with Monowall's settings.
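One way to confirm from the LAN client that both changes took effect, as an added example that is not part of the original article or the Monowall project: a Python script that checks the webGUI no longer answers on plain HTTP and that the factory admin/mono login is rejected. It assumes the 192.168.1.1 address used above, that the webGUI uses HTTP Basic authentication, and that the firewall's HTTPS certificate is self-signed.

```python
import base64
import ssl
import urllib.error
import urllib.request

FIREWALL = "192.168.1.1"           # LAN IP set in the article
DEFAULT_CREDS = ("admin", "mono")  # factory login named in the article


def probe(scheme, host, creds=None, timeout=5):
    """Return the HTTP status of scheme://host/, or None if unreachable."""
    req = urllib.request.Request(f"{scheme}://{host}/")
    if creds:  # assumption: the webGUI uses HTTP Basic authentication
        token = base64.b64encode(":".join(creds).encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    # Assumption: self-signed certificate, so skip chain validation here only.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # e.g. 401 when the login is rejected
    except OSError:
        return None  # URLError is an OSError: refused, timed out, TLS failure


def findings(http_anon, https_anon, https_default):
    """Map three probe results to a list of problems (empty means OK)."""
    problems = []
    if http_anon is not None:
        problems.append("webGUI still answers on plain HTTP")
    if https_anon is None:
        problems.append("webGUI not reachable over HTTPS")
    elif https_anon != 401:
        problems.append("HTTPS webGUI did not ask for a login")
    if https_default is not None and 200 <= https_default < 400:
        problems.append("default admin/mono login still accepted")
    return problems


def audit(host=FIREWALL, probe_fn=probe):
    return findings(probe_fn("http", host), probe_fn("https", host),
                    probe_fn("https", host, DEFAULT_CREDS))


if __name__ == "__main__":
    print("\n".join(audit() or ["webGUI settings look correct"]))
```

An empty result from `audit()` means the webGUI is HTTPS-only and the default login no longer works; each returned string names one setting from System > General Setup that still needs changing.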

You may wish to enter a domain name on the Domain line. For example, on my test network it is pupdog.net. This is not a registered domain name, but an arbitrary name for LAN use only. My hostname is firewall, so I can access the webGUI with https://firewall.pupdog.net instead of the IP address.

All righty then, that's enough for today. Be sure to read Part 2, in which we will configure Monowall to do actual network security work.

Carla Schroder is the author of The Book of Audacity, Linux Cookbook, Linux Networking Cookbook, hundreds of Linux how-tos, and the former managing editor of Linux Planet and Linux Today.
